Banca di Piacenza is a bank with around sixty branches serving the province of Piacenza in Emilia-Romagna, Italy.
Their main domain is
"bancadipiacenza·it". To log in to your bank account, it takes you to another domain,
"banking4you·it". This domain looks strange and misleading, and looks like what a low-effort phishing site might use. But it is official. And there lies the problem. Banks and institutions tell us to check the URL when we’re logging in, to make sure it looks authentic. But this URL looks dangerous, so we have to suspend judgement for this domain. And in so doing, it weakens our judgement when we see future phishing domains. We have to remember these strange official domains, despite going against our intuition.
Ideally the bank would use their primary domain for login. But we cannot rid the world of poor official domains. Companies choose the domains they want. Scam advice has to be dynamic and take this into account. Human visual inspection of the login domain doesn’t really work, especially in this case — the domain should be confirmed in an automated link checker.